AWS AWSEC2 documentation change
Summary
Removed example IAM policies for EC2 instance creation restrictions and IMDS modification controls
Security assessment
Removal of example security policies reduces documentation clarity but doesn't indicate a security vulnerability. The deleted policies were examples rather than addressing active issues.
Diff
diff --git a/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md b/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md index 71642b0b0..057fdad80 100644 --- a//AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md +++ b//AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md @@ -759,40 +758,0 @@ Only allow specific tags for spot-instances-request. Surprise inconsistency numb -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowRun", - "Effect": "Allow", - "Action": [ - "ec2:RunInstances" - ], - "Resource": [ - "arn:aws:ec2:us-east-1::image/*", - "arn:aws:ec2:us-east-1:*:subnet/*", - "arn:aws:ec2:us-east-1:*:network-interface/*", - "arn:aws:ec2:us-east-1:*:security-group/*", - "arn:aws:ec2:us-east-1:*:key-pair/*", - "arn:aws:ec2:us-east-1:*:volume/*", - "arn:aws:ec2:us-east-1:*:instance/*", - ] - }, - { - "Effect": "Allow", - "Action": "ec2:RunInstances", - "Resource": "arn:aws:ec2:us-east-1:*:spot-instances-request/*", - "Condition": { - "StringEquals": { - "aws:RequestTag/environment": "production" - } - } - } - ] - } - - @@ -1864,25 +1823,0 @@ The following policy permits only users with the role `ec2-imds-admins` to make -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowOnlyImdsAdminsToModifySettings", - "Effect": "Deny", - "Action": "ec2:ModifyInstanceMetadataOptions", - "Resource": "*", - "Condition": { - "StringNotLike": { - "aws:PrincipalARN": "arn:aws:iam::*:role/ec2-imds-admins" - } - } - } - ] - } - -